
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO, 



CONFIRMATION NO. 



09/478,254 



01/06/2000 



ROBERT ZUCCHERATO 



0500.9906162 



1450 



23418 7590 12/28/2004 

VEDDER PRICE KAUFMAN & KAMMHOLZ 
222 N. LASALLE STREET 
CHICAGO, IL 60601 



EXAMINER 



ART UNIT 



SMITHERS, MATTHEW 

| PAPER NUMBER * 



2137 

DATE MAILED: 12/28/2004 



r 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



• 

Office Action Summary 


Application No. 

09/478,254 


Applicant(s) 

ZUCCHERATO ETAL 


Examiner 

Matthew B Smithers 


Art Unit 

2137 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ~ 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 13 July 2004 . 
2a)^l This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 1-16 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |3 Claim(s) 1.3-6.9-11 and 13-16 is/are rejected. 

7) S Claim(s) 2.7.8 and 12 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed July 13, 2004 have been fully considered but they are 
not persuasive. Applicant argues Takahashi does not teach using stored inquiry data for 
obtaining shared authentication data that is subsequently used to initialize operation of 
an information security system. Examiner contends Takahashi does teach initializing 
operation of an information security system (accessing personal information controlling 
apparatus) by using a stored inquiry code value obtained during the inquiry code issuing 
process (see Figures 9 and 10 and column 14, line 16 to column 15, line 19). As shown 
in Figure 10, when a personal information referencer requests to access and display 
personal information about a registrant through the personal information controlling 
apparatus, the referencer enters the registrant's ID along with the inquiry code value 
that was previously generated and stored using the registrant's ID and password (see 
Figure 9, Issue an Inquiry Code). Next, the system uses an inquiry code authentication 
routine to search and compare the entered inquiry data to the stored inquiry data (see 
column 19, line 66 to column 20, line 58). Once a match is found, the registrant's 
password value is retrieved and compared to determine whether access to the personal 
information should be granted to the requester (referencer). 

Based on the above arguments the examiner maintains the rejection given 

below. 



Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1,3-6, 9-11 and 13-16 are rejected under 35 U.S.C. 102(e) as being 
anticipated by U.S. patent 6,564,323 granted to Takahashi et al. 

Regarding claim 1 , Takahashi meets the claims limitations as follows: 
"A method for initializing operation of an information security operation for an entity, 
comprising the steps of: 

storing at least one of: entity identification data and a function of entity 
identification data and storing associated shared authentication data; 

storing inquiry data to facilitate entry of shared authentication data for 
initialization;" see column 10, lines 18-57 and Figure 2. 

"retrieving the stored inquiry data for presentation based on received entity 
identification data; 

receiving shared authentication data in response to the presented inquiry data; 
comparing received shared authentication data with the stored shared authentication 
data; and 
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determining whether to initialize operation of the information security operation 
based on the comparison." see column 7, line 56 to column 9, line 3 and column 31, line 
18 to column 37, line 16. 

Regarding claim 3, Takahashi meets the claims limitations as follows: 
The method of claim 1 including the steps of: storing data representing a function of the 
entity identification data and storing shared authentication type data; subsequently 
generating data representing a function of the received entity identification data; 
obtaining the stored shared authentication type data based on the subsequently 
generated data representing a function of the received entity identification data; and 
selecting, under control of a processing unit, stored inquiry data for presentation to a 
user, based on the obtained stored shared authentication type data." see column 7, line 
56 to column 9, line 3 and column 31, line 18 to column 37, line 16. 

Regarding claim 4, Takahashi meets the claims limitations as follows: 
"The method of claim 1 wherein the step of initializing the operation of the information 
security operation includes the use of a PAKE or other appropriate protocol." see 
column 9, lines 18-32. 

Regarding claim 5, Takahashi meets the claims limitations as follows: 
The method of claim 1 wherein the step of determining whether to initialize the 
operation of the information security operation includes repeating the steps of retrieving 
stored inquiry data for presentation based on received entity identification data; 
receiving shared authentication data in response to the presented inquiry data and 
combining with previously received authentication data; comparing received shared 
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authentication data with the stored shared authentication data; and determining whether 
to initialize operation of the information security operation based on the comparison." 
see column 7, line 56 to column 9, line 3 and column 31, line 18 to column 37, line 16. 

Regarding claim 6, Takahashi meets the claims limitations as follows: 
"A method for initializing operation of an information security operation for an entity, 
comprising the steps of: 

storing, by a first processor, at least one of entity identification data and a 
function of entity identification data and storing associated shared authentication data; 

storing, by a second processor, inquiry data to facilitate entry of shared 
authentication data for initialization; 

retrieving, by the second processor, the stored inquiry data for presentation 
based on received entity identification data; receiving, by a third processor, shared 
authentication data in response to the presented inquiry data; 

comparing received shared authentication data with the stored shared 
authentication data; and determining whether to initialize operation of the information 
security operation based on the comparison." see column 7, line 56 to column 9, line 3 
and column 31, line 18 to column 37, line 16. 

Regarding claim 9, Takahashi meets the claims limitations as follows: 
"The method of claim 6 wherein the step of initializing the operation of the information 
security operation includes the use of a PAKE or other appropriate protocol." see 
column 9, lines 18-32. 

Regarding claim 10, Takahashi meets the claims limitations as follows: 
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"The method of claim 6 wherein the step of determining whether to initialize the 
operation of the information security operation includes repeating the steps of: retrieving 
stored inquiry data for presentation based on received entity identification data; 
receiving shared authentication data in response to the presented inquiry data and 
combining with previously received authentication data; comparing received shared 
authentication data with the stored shared authentication data; and determining whether 
to initialize operation of the information security operation based on the comparison." 
see column 7, line 56 to column 9, line 3 and column 31 , line 18 to column 37, line 16. 

Claims 11, 13, 15 and 16 are system claims that are substantially equivalent to 
method claims 1, 3, 4 and 5. Therefore claims 11, 13, 15, and 16 are rejected by a 
similar rationale. 

Allowable Subject Matter 

Claims 2, 7, 8, 12 and 14 objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims. The following is a statement of reasons for 
the indication of allowable subject matter: 

With respect to claims 2, 7, 8 and 12; the cited prior art fails to specifically teach 
wherein the step of storing inquiry data includes storing at least one of: a plurality of 
forms containing questions wherein different forms are stored for different types of 
shared authentication data and are selectable through a user interface, and a plurality of 
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questions indexed based on at least type of shared authentication data that are 
automatically selected for presentation based on received entity identification data. 

With respect to claim 14, the cited prior art fails to specifically teach wherein the 
second processor includes a request generator and a question generator and wherein 
the entity includes a graphic user interface for presenting questions received from the 
second processor. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew B Smithers whose telephone number is (571) 
272-3876. The examiner can normally be reached on Monday-Friday (8:00-4:30) EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew T Caldwell can be reached on (571 ) 272-3868. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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Primary Examiner 
Art Unit 2137 



